Configuring View_acess Rules in DBSecurityManager

General questions regarding the development with JVx.

Configuring View_acess Rules in DBSecurityManager

Postby prakashg » Wed Dec 21, 2011 6:24 pm

Hello,

I am very new to Jvx, What does View_access Rules in DBSecurityManager do? shall roles and access rules be configured for screens using this, I would like to generate menu based on roles, what is the right way to do it?

-Regards
-Prakash G
prakashg
 
Posts: 2
Joined: Wed Dec 21, 2011 6:14 pm

Re: Configuring View_acess Rules in DBSecurityManager

Postby Support@SIB » Wed Dec 21, 2011 6:57 pm

The access rules, control the access to life-cycle objects per user (see javadoc). No access means Master- or SubConnection creation fails!

The feature is useful if your application menu is not hard-coded e.g. read it from a database or remote config files. Or it is great if you group some actions into life-cycle objects but it should not be possible, for every user, to call the actions. You need restrictions per user to access specific life-cycle objects.

It is possible to implement your own security manager or re-use the DBSecurityManager which offers a full reference implementation based on tables/views.

Do you develop something like this?

Our showcase app Packung! has such a dynamic menu.


Assumption:
You have roles and want to assign screens to roles.
You assign roles to users (means, a user has a list of screens).

The application menu is created automatically based on "user screens".


Possible solution:
You need tables for screens, roles, users. Create relations between them.

You should use the DBSecurityManager and use the USERS table as described [url=forum.sibvisions.com/viewtopic.php?f=11&t=149&p=201]here[/url].

If you use the DBSecurityManager, you should create a view (table is also possible but not so dynamic) with the name V_ACCESSRULES (columns: USERNAME, LIFECYCLENAME). The view should return the allowed life-cycle object names per user.

Now, a user is not able to call actions or objects from life-cycle objects that are not granted.
User avatar
Support@SIB
 
Posts: 198
Joined: Mon Sep 28, 2009 1:56 pm

Re: Configuring View_acess Rules in DBSecurityManager

Postby prakashg » Thu Dec 22, 2011 4:28 pm

Thanks a lot for the response.
I have used the DBSecurityManager login, change password works fine. I am looking at a implementation of dynamic menu based on roles if the framework provides out of the box(I am doing a poc), I am looking at a implementation similar to the you tube video you have posted.
Thanks again for the elaborate response.
prakashg
 
Posts: 2
Joined: Wed Dec 21, 2011 6:14 pm

Re: Configuring View_acess Rules in DBSecurityManager

Postby Support@SIB » Thu Dec 22, 2011 5:09 pm

The framework does not have the implementation for your problem out-of-the-box. But it has everything what you need, to implement it.

We solved the problem with a custom Application implementation. This Application extends the Standard JVx application and adds some features. The implementation is open source and will be available in the next months.

But for your POC, it is not hard to implement what you want:

After the successful login, you should call a server object that returns the screen configuration (menu, title, class name, life-cycle object name). The server object reads the configuration via DBStorage from the database. You need one flat table where you insert your screens.
After you got the information, create your application menu and open the configured screen.

A short example:

Create a server object, e.g.

Code: Select all
public class ScreenConfig
{
    public List<IBean> getAvailableWorkScreens()
    {
        //fetch config from database
    }
}

Configure the Server-Object in your Session LCO, e.g.

Code: Select all
public ScreenConfig getScreenConfig()
{
   ScreenConfig scfg = (ScreenConfig)get("screenConfig");
   
   if (scfg== null)
   {
      scfg = new ScreenConfig();
      
      put("screenConfig", scfg);
   }
   
   return scfg;      
}


And finally, the client call:

Code: Select all
@Override
protected void afterLogin()
{
    super.afterLogin();

    if (isConnected())
    {
        List<IBean> liBeans = (List<IBean>)getConnection().call("screenConfig",
                                                                "getAvailableWorkScreens");

        //create your menu
    }
}


This should simplify your tests.
User avatar
Support@SIB
 
Posts: 198
Joined: Mon Sep 28, 2009 1:56 pm


Return to Development